[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 13/34] xen/arm: gic: Introduce GIC_SGI_MAX

On Tue, 2014-03-25 at 23:23 +0000, Julien Grall wrote:
> Hi Stefano,
> 
> On 25/03/14 18:19, Stefano Stabellini wrote:
> > On Tue, 25 Mar 2014, Julien Grall wrote:
> >> All the functions that send an SGI takes an enum. Therefore checking 
> >> everytime
> >> if the value is in the range is not correct.
> >>
> >> Introduce GIC_SGI_MAX to check the enum will never reach more than 16 
> >> values.
> >>
> >> This is fix the compilation with Clang 3.5:
> >>
> >> gic.c:515:15: error: comparison of constant 16 with expression of type 
> >> 'enum gic_sgi' is always true 
> >> [-Werror,-Wtautological-constant-out-of-range-compare]
> >>     ASSERT(sgi < 16); /* There are only 16 SGIs */
> >>            ~~~ ^ ~~
> >> xen/xen/include/xen/lib.h:43:26: note: expanded from macro 'ASSERT'
> >>      do { if ( unlikely(!(p)) ) assert_failed(#p); } while (0)
> >>                           ^
> >> xen/xen/include/xen/compiler.h:11:41: note: expanded from macro 'unlikely'
> >>   #define unlikely(x)   __builtin_expect((x),0)
> >>
> >> Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx>
> >> Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
> >> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
> >> Cc: Tim Deegan <tim@xxxxxxx>
> >> ---
> >>   xen/arch/arm/gic.c        |    7 ++++---
> >>   xen/include/asm-arm/gic.h |    2 ++
> >>   2 files changed, 6 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> >> index 0095b97..41142a5 100644
> >> --- a/xen/arch/arm/gic.c
> >> +++ b/xen/arch/arm/gic.c
> >> @@ -481,7 +481,8 @@ void send_SGI_mask(const cpumask_t *cpumask, enum 
> >> gic_sgi sgi)
> >>       unsigned int mask = 0;
> >>       cpumask_t online_mask;
> >>
> >> -    ASSERT(sgi < 16); /* There are only 16 SGIs */
> >> +    BUILD_BUG_ON(GIC_SGI_MAX >= 16);
> >> +    ASSERT(sgi != GIC_SGI_MAX);
> >
> > These new checks wouldn't be able to cover the following case, while the
> > previous check could:
> >
> > enum gic_sgi sgi = (enum gic_sgi) integer_greater_than_16;
> > send_SGI_mask(something, sgi);
> 
> Why people would do that?

enums and ints are often, for better or worse, interchangeable. That's
why the existing assert is there, to catch people who are inadvertently
doing something like this. (I don't think the cast in Stefano's example
is strictly needed, so a real case is less likely to leap out into your
face during review).

> I think instead of an ASSERT, sgi & 0xff might better. It won't be 
> harmless for the GIC, even debug is turned off. Right now, the 
> developper can put the GIC in wrong state if the value is not in this range.

The whole point of this assert is to help catch programmer mistakes. If
the programmers and review process was perfect then the assert would be
unnecessary.

Does ASSERT(sgi < GIC_SGI_MAX) not compiler without warnings?

> If people wants to give a number instead of an enum, let them go to the 
> hell! They should have used the right type.

As you have discovered in libxl it is sometimes necessary to take an
enum through an integer for various tedious API/ABI reasons.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.